Section 5 Introduction
Information and information systems are strategic assets to all University System of Georgia (USG) entities. The Board of Regents (BoR) recognizes that information created, collected, or distributed using technology by a USG institution, the University System Office (USO), and the Georgia Public Library System (GPLS) is a valuable asset and must be protected from unauthorized disclosure, modification, or destruction. The degree of protection needed is based on the nature of the resource and its intended use. Each USG institution, the USO, and the GPLS have the responsibility to employ prudent information security standards and best practices to minimize the risk and threats to the integrity, confidentiality, and availability of USG information and information systems.
Information security means the protection of information and information systems, equipment, and people from a wide spectrum of risks and threats. Implementing appropriate security measures and controls to provide for the confidentiality, integrity, and availability of information, regardless of its form (electronic, print, or other media), is critical to ensure business continuity and protection against unauthorized access, use, disclosure, disruption, modification, or destruction.
It is USG policy to provide an environment that encourages the free exchange of ideas and sharing of information. Access to this environment and the USG’s information technology (IT) resources is a privilege and must be treated with the highest of ethical standards.
Applicability and Compliance
All USG institutions, the USO, and the GPLS must comply with the information security and privacy policies, standards, and procedures issued by USG Information Security & ePrivacy, and report and file the appropriate compliance documents as identified in this policy. All USG institutions, the USO, and the GPLS must adhere to the Information Security Reporting Requirements, as noted in Section 5.7 of this Handbook.
This section is intended to have broad application, particularly with respect to information and information systems, which impact the operational levels of the USG institutions, the USO, and the GPLS. Similarly, all contractual agreements with third-party vendors must adhere to the guidance provided. An appropriate Service Level Agreement (SLA) and Non-Disclosure Agreement (NDA) should be constructed to ensure roles and requirements are acknowledged and followed.
The following definitions of Confidentiality, Integrity, Availability, Policy, Standard, and Guideline are used throughout this section.
- Confidentiality: Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information.
- Integrity: Guarding against improper information modification or destruction, including ensuring information non-repudiation and authenticity.
- Availability: Ensuring timely and reliable access to and use of information.
- Policy: A policy is typically a concise document that outlines specific requirements, business rules, or company stance that must be met. The policy is the organization’s stance on an issue, program, or system. It is a rule that everyone must meet.
- Standard: A standard is a requirement that supports a policy.
- Guideline: A guideline is a document that suggests a path or guidance on how to achieve or reach compliance with a policy.